I will be going over how much data a thief has access to if they A) Steal your iPhone and B) Have ur passcode. This may apply to android.

1: The thief can access encrypted password protected note's with locks on them, after resetting (not disabling) TouchID or FaceID to their biometrics, the notes.app will not ask for note password and they can use their own face or finger to unlock it and view it. (the thief has no way of getting the password to the note if its not saved anywhere inside of the note, but they dont need it to access it after this.

2: The thief can view saved passwords in Settings.app after turning off or restting FaceID or TouchID.

3: The thief can reset/change iCloud/AppleID password with just a passcode kicking you off every device you own etc.

4: The thief can use any 3rd party apps that were biometricly tied to you, some apps will require account passwords for serious changes (like amazon.app)

Video I saw before testing: https://youtu.be/QUYODQB_2wQ

Comments

You must log in or register to comment.

dskatter t1_ja7v6pb wrote on February 27, 2023 at 2:31 PM

Simple solution to all of this: have a long passcode, and never enter it when you’re not in private or can’t cover part of the phone with your hand.

This is such an overblown non-issue.

mblend27 OP t1_ja7vp7q wrote on February 27, 2023 at 2:35 PM

Agreed, how many lashings do I get sir?

dskatter t1_ja7wiiv wrote on February 27, 2023 at 2:41 PM

Just an eyeroll.

It just amazes me how many oblivious people in the world will lock up their valuables but not take even the slightest bit of precaution with the portable computer with all their personal info that they constantly carry around.

“OMG SOMEONE TOOK MY PHONE AND SOMEHOW CRACKED MY CODE! Those dastardly geniuses somehow figured out my/my kid’s four digit birth month and year!”

mblend27 OP t1_ja9g6bk wrote on February 27, 2023 at 8:41 PM

To their credit, manufacturers lockdown phones much more restrictively than computers, giving false sense of security

krypt1xx t1_jab1ra5 wrote on February 28, 2023 at 3:23 AM

I laughed too hard at this🤣🤣

mblend27 OP t1_jab1wql wrote on February 28, 2023 at 3:24 AM

And get it was downvoted into my grave

ImChimeraX t1_ja7rsrr wrote on February 27, 2023 at 2:04 PM

For an end user the solution is multi factor authentication every time you want to use your phone. It already exists as an option on some privacy/security focussed Android custom builds, usually using an NFC tag, or by having to use both a PIN/password plus biometrics.

It's not very convenient so the vast majority of people wouldn't use it.

For corporately managed devices mobile device management solutions exist which can prevent the user from doing certain things, or from having access to certain things so there's more security there to protect corporate data and access to remote resources, but this isn't something most end users will have the knowledge or money to implement, and again, it's not very convenient due to the limitations.